4.0 had no encryption enabled. user.vm.random.password is by default false, so system.vm.password won't be present in the db by default.
Only if user.vm.random.password is set to true, system.vm.password will be generated but would be unencrypted. So the upgrade script will search for user.vm.password in the db and encrypt it. I will provide the upgrade script as soon as I am done. Thanks, Saksham -----Original Message----- From: Ram Ganesh [mailto:ram.gan...@citrix.com] Sent: Thursday, January 17, 2013 1:00 AM To: cloudstack-dev@incubator.apache.org; Chip Childers Cc: Kishan Kavala; Rajesh Battala; Chiradeep Vittal; Rohit Yadav Subject: RE: Review Request: CLOUDSTACK-822 system.vm.password is not encrypted Chiradeep, I have filed a doc bug, CLOUDSTACK-991, to track this one. > -----Original Message----- > From: Chiradeep Vittal [mailto:chiradeep.vit...@citrix.com] > Sent: 17 January 2013 00:11 > To: CloudStack DeveloperList; Chip Childers > Cc: Kishan Kavala; Rajesh Battala; Chiradeep Vittal; Rohit Yadav > Subject: Re: Review Request: CLOUDSTACK-822 system.vm.password is not > encrypted > > This also needs to be documented. Can you raise a documentation issue? > What about the upgrade from 4.0 case? Are we encrypting previously > unencrypted passwords? > > On 1/16/13 10:05 AM, "Saksham Srivastava" > <saksham.srivast...@citrix.com> > wrote: > > >As Kishan pointed out on the review board , changing the category to > >"Secure" will be a way out. > >Secure configurations are listed whenever admin will execute > >listConfiguration API , unlike Hidden configurations which do not get > >listed. > >If however the password is not encrypted, a management server restart > >might fail whenever system.vm.random.password is set to true as CS > will > >try to decrypt system.vm.password . > > > >Thanks, > >Saksham > > > >-----Original Message----- > >From: Chip Childers [mailto:chip.child...@sungard.com] > >Sent: Wednesday, January 16, 2013 8:23 PM > >To: cloudstack-dev@incubator.apache.org > >Cc: Saksham Srivastava; Kishan Kavala; Rajesh Battala; Chiradeep > Vittal; > >Rohit Yadav > >Subject: Re: Review Request: CLOUDSTACK-822 system.vm.password is not > >encrypted > > > >Can we get an answer to Chiradeep's question below before this is > >committed? > > > >On Thu, Jan 10, 2013 at 1:49 PM, Chiradeep Vittal > ><chiradeep.vit...@citrix.com> wrote: > >> The question around how the cloud admin can log in to the system vm > >> without visibility into the actual password needs to be resolved. > Can > >> the UI display the unencrypted password whenever the console is > viewed? > >> > >> On 1/10/13 4:40 AM, "Saksham Srivastava" > >> <saksham.srivast...@citrix.com> > >> wrote: > >> > >>> > >>>----------------------------------------------------------- > >>>This is an automatically generated e-mail. To reply, visit: > >>>https://reviews.apache.org/r/8859/ > >>>----------------------------------------------------------- > >>> > >>>(Updated Jan. 10, 2013, 12:40 p.m.) > >>> > >>> > >>>Review request for cloudstack and Kishan Kavala. > >>> > >>> > >>>Changes > >>>------- > >>> > >>>Changing the category to "Secure" instead of "Hidden" and > >>>Encrypting the password. > >>> > >>> > >>>Description > >>>------- > >>> > >>>Parameter 'system.vm.password' is not encrypted. Need to encrypt it. > >>> > >>> > >>>This addresses bug CLOUDSTACK-822. > >>> > >>> > >>>Diffs (updated) > >>>----- > >>> > >>> server/src/com/cloud/server/ConfigurationServerImpl.java b25c63f > >>> > >>>Diff: https://reviews.apache.org/r/8859/diff/ > >>> > >>> > >>>Testing > >>>------- > >>> > >>>Tested Locally. > >>> > >>> > >>>Thanks, > >>> > >>>saksham srivastava > >>> > >> > >>
